Trusted

LeetSwap Losses Mount as Liquidity Exploit Costs Providers $600,000

2 mins
Updated by Geraint Price
Join our Trading Community on Telegram

In Brief

  • LeetSwap, a decentralized exchange, paused trading to investigate an exploit that cost liquidity providers 340 ETH.
  • The exploit, blamed on a function in one of LeetSwap's smart contracts, was spotted by a community contributor.
  • This hack is the second major exploit of LeetSwap, after the withdrawal of $12.5 million worth of Base memecoin Bald.
  • promo

Decentralized exchange (DEX) LeetSwap paused trading to investigate an exploit costing liquidity providers 340 ETH.

Peckshield blamed the exploit on the LeetSwapV2Pair::_transferFeesSupportingTaxTokens() function in one of the DEX’s smart contracts.

LeetSwap DEX Exploits Mount Quickly to $13 Million

One of the security firm’s community contributors first spotted the exploit using on-chain analysis.

Later, Peckshield dismissed LeetSwap’s claims that it forked its code from Solidly, an automated market-maker based on Uniswap V2. The DEX team said it was “working with on-chain security experts” to release locked liquidity.

The liquidity hack is the second major LeetSwap exploit after a project creator pulled $12.5 million of their Base meme coin Bald. Launched in 2022, LeetSwap is the largest decentralized exchange on Coinbase’s Base network, which aims to offer higher transaction speed and lower fees than Ethereum.

An exploit of centralized exchange LeetSwap costs investors 340 ETH increasing H2's DeFi losses to $60 million so far.
DeFi hacks came in at $480 million in H1 2023 | Source: Peckshield

In its Web3 security report earlier this year, Peckshield confirmed that DeFi hacks lost investors $480 million in H1.

Curve DEX Hackers Exploit Vyper Vulnerability

But concerns are rising that the 75% drop from 2022 may just be a curtain-raiser. On Sunday, hackers stole $70 million from Curve, one of the largest decentralized exchanges on Ethereum.

Starting with an $11 million exploit of the pETH-ETH liquidity pool, hackers then targeted the alETH-TH Alchemix pool, the CRV/ETH pool, Pendle’s pETH-ETH pool, and Metronome’s msETH-ETH pool. Altogether, the attacks stole $70 million, with about $20 million going to white-hats.

Experts say a reentrancy bug in the compiler for Vyper, the language used in several Curve smart contracts, provided the attack vector. A smart contract compiler changes human-readable language a coder writes into instructions blockchains can understand.

What is decentralized finance? Find out here.

But the analysis provided scant comfort to DeFi participants, who consider the exchange one of the pillars of decentralized finance. Curve’s core features are crucial to the liquidity of stablecoins used in several DeFi projects.

Got something to say about the LeetSwap exploits, the Curve hack, or anything else? Write to us or join the discussion on our Telegram channel. You can also catch us on TikTokFacebook, or Twitter.

🎄Best crypto platforms in Europe | December 2024
eToro eToro Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
Coinbase Coinbase Explore
3Commas 3Commas Explore
🎄Best crypto platforms in Europe | December 2024
eToro eToro Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
Coinbase Coinbase Explore
3Commas 3Commas Explore
🎄Best crypto platforms in Europe | December 2024

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

David-Thomas.jpg
David Thomas
David Thomas graduated from the University of Kwa-Zulu Natal in Durban, South Africa, with an Honors degree in electronic engineering. He worked as an engineer for eight years, developing software for industrial processes at South African automation specialist Autotronix (Pty) Ltd., mining control systems for AngloGold Ashanti, and consumer products at Inhep Digital Security, a domestic security company wholly owned by Swedish conglomerate Assa Abloy. He has experience writing software in C...
READ FULL BIO
Sponsored
Sponsored